diff --git a/configuration.nix b/configuration.nix
index b449d09..a8bbb87 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,11 +1,16 @@
+{ pkgs
+, ...
+}: {
- pkgs,
- inputs,
- modulesPath,
- lib,
- ...
-}: {
 imports = [
+ ./services/openssh.nix
+ ./services/misc.nix
+ ./modules/git.nix
+ ./modules/nix-settings.nix
+ ./modules/zfs.nix
+
+ (import ./modules/networking.nix { hostname = "server"; })
+ (import ./modules/users.nix { main-user = "baritone"; })
 ];
 boot.loader = {
@@ -14,56 +19,6 @@
 timeout = 0;
 };
- boot.zfs.devNodes = "/dev/disk/by-path";
-
- nix.settings.experimental-features = ["nix-command" "flakes"];
- nix.gc = {
- automatic = true;
- options = "--delete-older-than 30d";
- };
- nix.optimise = {
- automatic = true;
- dates = ["05:00"];
- };
-
- networking.hostName = "enis";
- networking.hostId = "2ead098f";
- networking.networkmanager.enable = true;
- networking.firewall = {
- enable = true;
- allowedTCPPorts = [];
- allowedUDPPorts = [];
- };
-
- home-manager = {
- extraSpecialArgs = {inherit inputs;};
- users = {
- "enis" = import ./home.nix;
- };
- };
-
- users.users."enis" = {
- isNormalUser = true;
- hashedPassword = import ./password.nix;
- extraGroups = [
- "networkmanager"
- "audio"
- "wheel"
- ];
-
- shell = pkgs.zsh;
- };
-
- users.users."nixos" = {
- isNormalUser = true;
- initialPassword = "1234";
- extraGroups = ["wheel"];
- };
-
- users.users.root = {
- initialPassword = "1234";
- };
-
 programs.zsh = {
 enable = true;
 enableGlobalCompInit = true;
@@ -77,8 +32,6 @@
 curl
 git
 vim
-
- zfs
 ];
 environment.variables = {
@@ -97,20 +50,5 @@
 programs.mtr.enable = true;
 programs.gnupg.agent.enable = true;
- services.udev.enable = true;
- services.thermald.enable = true;
-
- services.openssh = {
- enable = true;
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- AllowUsers = null;
- PermitRootLogin = "no";
- };
- };
-
- nix.settings.trusted-users = ["@wheel"];
-
 system.stateVersion = "24.11";
 }
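Review bot: The main user name and host name are passed as plain function arguments to exactly two modules (`(import ./modules/users.nix { main-user = "baritone"; })`, `(import ./modules/networking.nix { hostname = "server"; })`), so services/openssh.nix, which needs the same account name for an `AllowUsers` list, has no way to see it and the literal would have to be repeated there. Passing these values through `specialArgs`/`_module.args`, or declaring a small option that the other modules read, keeps one source of truth for the account name. The remaining hunks of this file are pure deletions that move settings into the new modules, so they are not re-reviewed here.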
diff --git a/home.nix b/home.nix
index 29745b0..a974983 100644
--- a/home.nix
+++ b/home.nix
@@ -1,8 +1,8 @@
-{...}: {
+{username ? throw "no username provided" }: {...}: {
 imports = [];
- home.username = "enis";
- home.homeDirectory = "/home/enis";
+ home.username = username;
+ home.homeDirectory = "/home/${username}";
 programs.home-manager.enable = true;
diff --git a/modules/git.nix b/modules/git.nix
new file mode 100644
index 0000000..4fa189d
--- /dev/null
+++ b/modules/git.nix
@@ -0,0 +1,6 @@
+{config, ...}:
+{
+ programs.git.config = {
+ safe.directory = [ "/etc/nixos" ];
+ };
+}
diff --git a/modules/networking.nix b/modules/networking.nix
new file mode 100644
index 0000000..618fb13
--- /dev/null
+++ b/modules/networking.nix
@@ -0,0 +1,11 @@
+{ hostname ? "server" }: {...}:
+{
+ networking.hostName = hostname;
+ networking.hostId = "2ead098f";
+ networking.networkmanager.enable = true;
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ ];
+ allowedUDPPorts = [ ];
+ };
+}
diff --git a/modules/nix-settings.nix b/modules/nix-settings.nix
new file mode 100644
index 0000000..5edb85d
--- /dev/null
+++ b/modules/nix-settings.nix
@@ -0,0 +1,12 @@
+{ ... }: {
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.gc = {
+ automatic = true;
+ options = "--delete-older-than 30d";
+ };
+ nix.optimise = {
+ automatic = true;
+ dates = [ "05:00" ];
+ };
+ nix.settings.trusted-users = [ "@wheel" ];
+}
diff --git a/modules/users.nix b/modules/users.nix
new file mode 100644
index 0000000..df4e2b3
--- /dev/null
+++ b/modules/users.nix
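Review bot: `safe.directory = [ "/etc/nixos" ]` in the system-wide git config (modules/git.nix) disables git's ownership check for that path for every account on the host, not only for the administrator; that check exists so a directory owned by someone else cannot carry a `.git/config` whose settings (hooks path, helper commands) take effect when another user runs git inside it. If only the main user edits /etc/nixos, the same entry in that user's home-manager git configuration keeps the exception scoped to one account. The `config` argument is unused, so the header can be `{ ... }:`. A one-line comment stating why the exception is needed would help the next reader, e.g. `# /etc/nixos is root-owned but edited by the wheel user; git refuses it without this`.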
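Review bot: `networking.hostId = "2ead098f"` in modules/networking.nix stays hard-coded while `hostname` became a parameter, so a second machine built from this module would share the hostId; ZFS stores the hostId in the pool label and relies on it to refuse importing a pool that another host still holds, which is defeated when two hosts share the value. Make it a parameter next to hostname, `{ hostname ? "server", hostId ? "2ead098f" }: {...}:` with `networking.hostId = hostId;`. A comment that the value must be unique per machine and is required by modules/zfs.nix would record the cross-module dependency.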
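Review bot: `nix.settings.trusted-users = [ "@wheel" ]` in modules/nix-settings.nix makes every wheel member a trusted user of the Nix daemon, which can add substituters and override daemon settings such as the sandbox, so it is root-equivalent rather than a convenience; the same commit grants wheel to a second account (`nixos` in modules/users.nix). If only the main user needs to push to caches or pass `--option`, listing that user instead of the group keeps the privilege narrow. At minimum add a comment above the line: `# trusted-users is root-equivalent for the nix daemon; keep this list minimal`.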
@@ -0,0 +1,32 @@
+{ main-user ? throw "No main user" }: { pkgs, inputs, ... }: {
+ home-manager = {
+ extraSpecialArgs = { inherit inputs; };
+ users = {
+ ${main-user} = (import ../home.nix { username = main-user; });
+ };
+ };
+
+ users.users.${main-user} = {
+ isNormalUser = true;
+ hashedPassword = import ../password.nix;
+ extraGroups = [
+ "networkmanager"
+ "audio"
+ "wheel"
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFhTExbc9m4dCK6676wGiA8zPjE0l/9Fz2yf0IKvUvg snorre@archlinux"
+ ];
+
+ shell = pkgs.zsh;
+ };
+
+ users.users."nixos" = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFhTExbc9m4dCK6676wGiA8zPjE0l/9Fz2yf0IKvUvg snorre@archlinux"
+ ];
+ };
+
+}
diff --git a/modules/zfs.nix b/modules/zfs.nix
new file mode 100644
index 0000000..60d34d5
--- /dev/null
+++ b/modules/zfs.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }: {
+ boot.zfs.devNodes = "/dev/disk/by-path";
+
+ environment.systemPackages = with pkgs; [
+ zfs
+ ];
+}
diff --git a/services/misc.nix b/services/misc.nix
new file mode 100644
index 0000000..433a5c1
--- /dev/null
+++ b/services/misc.nix
@@ -0,0 +1,4 @@
+{ ... }: {
+ services.udev.enable = true;
+ services.thermald.enable = true;
+}
diff --git a/services/openssh.nix b/services/openssh.nix
new file mode 100644
index 0000000..5700e44
--- /dev/null
+++ b/services/openssh.nix
@@ -0,0 +1,27 @@
+{ ... }: {
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ AllowUsers = null;
+ PermitRootLogin = "no";
+ };
+ banner = ''
+ OI! THIS IS A REALLY PRIVATE SERVER
+ IF YOU'RE NOT WHO I THINK YOU ARE THEN FOCK OFF!
+ '';
+
+ hostKeys = [
+ {
+ bits = 4096;
+ path = "/etc/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ }
+ {
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
+ };
+}
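Review bot: `users.users."nixos"` keeps a second wheel account that has neither `hashedPassword` nor the old `initialPassword = "1234"` yet carries the same authorized key as the main user, so it is a parallel SSH entry point with no stated purpose; if it is a leftover from installation, remove it, otherwise add a comment saying what it is for and why it needs wheel. The key string is duplicated verbatim in both lists; bind it once at the top (`let mainKey = "ssh-ed25519 …"; in`) and reference `[ mainKey ]` from both so a key rotation is a one-line change. `hashedPassword = import ../password.nix` evaluates the hash into the system closure, where it is world-readable under /nix/store; `hashedPasswordFile` pointing at a root-only file outside the store avoids that exposure.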
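Review bot: `boot.zfs.devNodes = "/dev/disk/by-path"` in modules/zfs.nix switches pool import away from the option's default (by-id, as far as I recall) to port-based paths, which change when a disk is moved to another controller port or a controller is added, so a short comment recording why by-path was chosen (for example, disks without stable IDs) would save the next reader from reverting it. The module also depends on `networking.hostId` being set in modules/networking.nix; a comment naming that dependency keeps the two modules in step.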
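Review bot: `AllowUsers = null` in services/openssh.nix leaves the directive unset, which is the same as not listing it, so every account with a key in modules/users.nix (currently two wheel accounts) can log in; an explicit allow-list is the point of the option, e.g. `AllowUsers = [ "baritone" ];`, which needs the main user name passed into this module the same way modules/users.nix receives it. The `hostKeys` list restates the NixOS default (rsa 4096 plus ed25519) and can be dropped, or reduced to the ed25519 entry if an RSA host key is not required by any client. `PermitRootLogin = "no"` and the disabled password and keyboard-interactive authentication carry over from the old configuration unchanged.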